Diffstat (limited to 'README.mdwn')
-rw-r--r-- README.mdwn 20
1 files changed, 18 insertions, 2 deletions
diff --git a/README.mdwn b/README.mdwn
index 7285511d..d4ae09b6 100644
--- a/README.mdwn
+++ b/README.mdwn
@@ -809,9 +809,10 @@ Generation of certificates
> Note: This should be automated in the next upgrade. The instructions
> sound like a lot of effort
-To generate the SSL certs, first you need to clone the following repository:
+To generate the SSL certs, first you need to clone the following repositories:
git clone https://github.com/lukas2511/letsencrypt.sh.git
+ git clone https://github.com/mythic-beasts/letsencrypt-mythic-dns01.git
The version used the first time was `0.4.0` with sha `116386486b3749e4c5e1b4da35904f30f8b2749b`,
(just in case future releases break these instructions)
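Review bot: the added `git clone` of `letsencrypt-mythic-dns01` is not pinned to a revision, while the sentence right after it records version `0.4.0` and a sha for only one repository, and with two clones listed it no longer says which one. Name `letsencrypt.sh` in that sentence and record the commit of the hook repository that was used as well. The hook is the script configured as `HOOK` further down and it runs next to the decrypted `dnsapi.config.txt`, so an unreviewed upstream change to it deserves at least the same "just in case" pin.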
@@ -827,6 +828,14 @@ of the subdomains:
git.baserock.org
EOF
+And the `config` file needed:
+
+ cat >config <<'EOF'
+ CONTACT_EMAIL="admin@baserock.org"
+ HOOK="../letsencrypt-mythic-dns01/letsencrypt-mythic-dns01.sh"
+ CHALLENGETYPE="dns-01"
+ EOF
+
Create a `dnsapi.config.txt` with the contents of `private/dnsapi.config.txt`
decrypted. To show the contents of this file, run the following in a
`infrastructure.git` repo checkout.
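Review bot: the `HOOK` value in the added `config` is a relative path (`../letsencrypt-mythic-dns01/letsencrypt-mythic-dns01.sh`), which only resolves when the command is run from inside the `letsencrypt.sh` checkout and both repositories were cloned into the same parent directory. Neither requirement is stated; say so next to the `config` block or show the `cd`. Since the following context has `dnsapi.config.txt` decrypted into that same working directory, it would also help to add a step that restricts its permissions and removes it once the certificates have been issued.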
@@ -838,6 +847,8 @@ Now, to generate the certs, run:
./dehydrated -c
+> If this is the first time, you will get asked to run
+> `./dehydrated --register --accept-terms`
In the `certs` folder you will have all the certificates generated. To construct the
certificates that are present in `certs` and `private` you will have to:
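Review bot: the added blockquote is not followed by a blank `+` line, unlike the blocks added in the other hunks, so the paragraph starting "In the `certs` folder" will be folded into the quote when the README is rendered. Add an empty line after `> ./dehydrated --register --accept-terms`. The registration step would also read better before `./dehydrated -c` as a first-run prerequisite, rather than as a note about a prompt the reader will hit after running it.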
@@ -846,7 +857,7 @@ certificates that are present in `certs` and `private` you will have to:
mkdir -p tmp/private tmp/certs
# Create some full certs including key for some services that need it this way
- cat git.baserock.org/cert.csr git.baserock.org/cert.pem chain.pem git.baserock.org/privkey.pem > tmp/private/git-with-key.pem
+ cat git.baserock.org/cert.csr git.baserock.org/cert.pem git.baserock.org/chain.pem git.baserock.org/privkey.pem > tmp/private/git-with-key.pem
cat irclogs.baserock.org/cert.csr irclogs.baserock.org/cert.pem irclogs.baserock.org/chain.pem irclogs.baserock.org/privkey.pem > tmp/private/frontend-with-key.pem
# Copy key files
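Review bot: the corrected `git.baserock.org/chain.pem` path now matches the irclogs line, but both `cat` commands write `privkey.pem` into `tmp/private/*-with-key.pem` with whatever umask the shell has, and the files stay in plaintext until the later `ansible-vault encrypt` step. Consider putting `umask 077` before the `mkdir -p tmp/private tmp/certs` line. Separately, the bundle still starts with `cert.csr`; if the consuming services only need certificate, chain and key, a comment explaining why the CSR is included would help the next person who runs this.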
@@ -876,6 +887,11 @@ keys (located in `private` folder):
ansible-vault encrypt tmp/private/*
+And copy them to the repo:
+
+ cp tmp/certs/* ../../certs/
+ cp tmp/private/* ../../private/
+
Deploy certificates
-------------------
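Review bot: the added `cp tmp/private/* ../../private/` copies whatever is in `tmp/private`, so if the preceding `ansible-vault encrypt tmp/private/*` failed or was skipped, plaintext private keys land in the repository checkout. Make the copy conditional on the encrypt step (for example by chaining the commands with `&&`) or add a check that each file starts with the `$ANSIBLE_VAULT` header before copying. The `../../` targets also depend on the current directory, which the instructions do not state, and nothing tells the reader to remove `tmp/` afterwards.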